You can enable individual web service applications to use cryptographic keys stored in hardware devices in Web Services Security.
Procedure
- In the administrative console, click and then select the server name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
- Under Additional properties, click key locators.
- Select the key locator name.
- Under Key store, specify the name of the keystore configuration.

  If the keystore reference points to a hardware device configuration, the Web Services Security runtime first attempts to obtain the cryptographic algorithm from the hardware device. If the hardware device is not supported or if it fails, the Web Services Security runtime obtains the cryptographic algorithm from the security providers list. For more information about how to create the name of a keystore configuration, read about creating a keystore configuration for a preexisting keystore file.

  If hardware acceleration is enabled, the Web Services Security runtime first attempts to use the hardware device for cryptographic operations. If the attempt to use the hardware device fails, or if the algorithm is not supported by the hardware device, the runtime uses a software provider from the security providers list. The runtime displays a warning message that the hardware cryptographic provider could not be used, and the process continues with the software provider.
- Click OK.
Results
If the name of the keystore reference is a Java keystore file, a hardware acceleration device that is configured at the application server level (ws-security.xml) will be used for cryptographic operations.
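
The hardware-first, software-fallback behavior described in the key store step can be pictured with the standard Java security provider API. This is an added illustration, not WebSphere's own code: the class name, the `ExampleHSM` provider name, and the logger name are hypothetical, and the key and message are constructed test data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.logging.Logger;

public class HardwareFirstSigner {
    private static final Logger LOG = Logger.getLogger("wssecurity.example");

    /** Carries the provider that actually signed, so a fallback can be audited. */
    record Signed(byte[] signature, String providerUsed) {}

    static Signed sign(String algorithm, PrivateKey key, byte[] data,
                       String hardwareProviderName) throws GeneralSecurityException {
        Provider hw = Security.getProvider(hardwareProviderName); // null if not installed
        if (hw != null) {
            try {
                Signature s = Signature.getInstance(algorithm, hw);
                s.initSign(key);
                s.update(data);
                return new Signed(s.sign(), hw.getName());
            } catch (GeneralSecurityException | ProviderException e) {
                // The device does not support the algorithm or key, or it failed.
                LOG.warning("Hardware provider " + hardwareProviderName
                        + " failed (" + e + "); continuing with a software provider");
            }
        } else {
            LOG.warning("Hardware provider " + hardwareProviderName
                    + " is not installed; continuing with a software provider");
        }
        // Fallback: first provider in the security providers list that supports it.
        Signature s = Signature.getInstance(algorithm);
        s.initSign(key);
        s.update(data);
        return new Signed(s.sign(), s.getProvider().getName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed software key and message, for demonstration only.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        byte[] msg = "constructed message".getBytes(StandardCharsets.UTF_8);
        // "ExampleHSM" is a hypothetical name and is not installed, so the fallback runs.
        Signed r = sign("SHA256withRSA", kp.getPrivate(), msg, "ExampleHSM");
        System.out.println("signed with provider: " + r.providerUsed());
    }
}
```

Because the operation succeeds either way, the warning and the reported provider name are the only signs that the hardware device was not used, so both are worth checking when hardware protection is a requirement.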